Hash Algorithm
• A hash algorithm is a one-way function that converts a data string into a numeric string output of fixed length. The output string is generally much smaller than the original data; therefore it is also called a message digest or message compression algorithm.
• Hash algorithms are designed to be collision-resistant, meaning that there is a very low probability that the same output string would be produced for different data.
• Two of the most common hash algorithms are MD5 (Message-Digest algorithm 5) and SHA-1 (Secure Hash Algorithm 1). MD5 message digest checksums are commonly used to validate data integrity when digital files are transferred or stored.
One-way Hash Function
• The notion of a one-way function is central to public-key cryptography.
• A one-way hash function is a mathematical function which takes a variable-length input string (called the pre-image) and converts it into a fixed-length binary sequence (called the hash value).
• It is also known as a message digest, fingerprint or compression function.
• Furthermore, a one-way hash function is designed in such a way that it is hard to reverse the process: it is easy to compute a hash value from a pre-image, but hard to generate a pre-image that hashes to a particular value.
(Figure: a document of e.g. 10 MB is fed through the hash (compression) function and yields a hash value of e.g. 160 bits.)
• A one-way hash function H(M) operates on an arbitrary-length pre-image message M and returns a fixed-length hash value h:
h = H(M), where h has a fixed length m.
One-way Hash Function
• Many functions can take an arbitrary-length input and return an output of fixed length, but one-way hash functions have additional characteristics that make them one-way:
1. It is relatively easy to compute, but significantly harder to reverse. That is, given M it is easy to compute H(M), but given H(M) it is hard to compute M.
2. Moreover, it is also very hard to find another message M' such that H(M') = H(M). In other words, it is collision resistant.
• In this context, "hard" is defined as something like: it would take millions of years to compute M from H(M), even if all the computers in the world were assigned to the problem.
One-way Hash Function
• When applying a digital signature to a document, we no longer need to encrypt the entire document with the sender's private key, which can be extremely slow. It is sufficient to encrypt the document's hash value instead. Therefore a hash algorithm is used to digest the message before applying DSA.
• Although a one-way hash function is used mostly for generating digital signatures, it has other practical applications as well, such as message integrity, password verification, generation of pseudorandom bits, file identification and message authentication codes (MAC).
• The Microsoft cryptographic providers support these hash algorithms: MD4, MD5, SHA-1 and SHA-256.
Length of One-way Hash Function
• Hash functions of 64 bits are just too small to survive a birthday attack. Most practical one-way hash functions produce 128-bit hashes.
• This forces anyone attempting the birthday attack to hash 2^64 random documents to find two that have the same hash value, which is not enough for lasting security.
• NIST, in its Secure Hash Standard (SHS), uses a 160-bit hash value. This makes the birthday attack even harder, requiring 2^80 random hashes.
Collision Resistance
• A slight change in an input string should cause the hash value to change drastically. Even if one bit is flipped in the input string, at least half of the bits in the hash value will flip as a result. This is called the avalanche effect.
• It is computationally infeasible to produce a document that would hash to a given value, or to find two documents with the same hash value.
• As there is almost no chance that two different messages have the same hash value, the function is called collision free or collision resistant.
• A document's hash can therefore serve as a cryptographic equivalent of the document. This makes a one-way hash function a central notion in public-key cryptography.
Hash Collision
• When different input messages result in the same hash value, it is called a hash collision.
Application: Hashing Passwords
• Hashing passwords: it is a bad idea for computer systems to store passwords in cleartext (in their original form), because if an attacker can somehow get to where they are stored, he gets all the passwords.
• Knowing how many people foolishly use one password at multiple sites, getting a stash from one system may give access to others.
• A more secure way is to store a hash of the password rather than the password itself. Since these hashes are not reversible, there is no way to find out for sure "what password produced this hash?", and so the consequence of a compromise is much lower.
Application: Hashing Passwords
(Figure: how a password is stored using a hash. The original password "Hello" is passed through the hash algorithm, and only the hashed password, e.g. 9a46ba811185c194762, is stored.)
(Figure: how a password is verified using a hash. The entered password, here the wrong password "World", is passed through the same hash algorithm and the result is compared with the stored hash. Do the hashes match? [Yes] access granted; [No] hash value mismatched, access denied.)
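The store-then-verify flow of the two diagrams above, as an added Python example that is not from the original slides. It goes one step beyond the slides: instead of a bare hash it stores a random salt and a stretched PBKDF2-HMAC-SHA-256 hash (the "key stretching" the MD5 slide mentions later) and compares in constant time; the record format and function names are this example's own assumptions.

```python
import hashlib
import hmac
import os

# Assumptions of this example (not from the slides): PBKDF2-HMAC-SHA-256 with a
# 16-byte random salt, stored as "pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>".
ITERATIONS = 200_000


def hash_password(password: str, salt=None, iterations: int = ITERATIONS) -> str:
    """Store step: derive a one-way hash of the password and return the record
    that the system keeps. The cleartext password itself is never stored."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(candidate: str, record: str) -> bool:
    """Verify step: re-hash the entered password with the stored salt and
    iteration count and compare the two hashes; a mismatch means access denied."""
    try:
        scheme, iterations, salt_hex, stored_hex = record.split("$")
    except ValueError:
        return False                      # malformed record: deny rather than guess
    if scheme != "pbkdf2_sha256":
        return False
    recomputed = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                     bytes.fromhex(salt_hex), int(iterations))
    # compare_digest runs in constant time, so timing does not reveal how many bytes matched
    return hmac.compare_digest(recomputed, bytes.fromhex(stored_hex))


if __name__ == "__main__":
    stored = hash_password("Hello")       # what the password database keeps
    print("stored record:", stored)
    for attempt in ("Hello", "World"):
        verdict = "Access Granted" if verify_password(attempt, stored) else "Access Denied"
        print(f"{attempt!r} -> {verdict}")
```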
Application: Verifying the Integrity
• Verifying file integrity: the most obvious use of a hash is verifying file integrity.
• If you have just downloaded a large piece of software from a website, how do you know that you have received it correctly and that it has not been tampered with?
• One way is to download the file again and compare the bits: if the bits are the same, you are probably OK, but if they are different, which ones are the right bits?
• Finding out means yet another download and compare, and this gets very tedious very quickly. Instead, if the website publishes the hash values of its download bundles, you can check them yourself.
Application: With Digital Signature
• Hashing is used to digest the original message while signing the document digitally.
(Figure: the document to be signed, "I agree to pay $50 for the software", is passed through the hash algorithm; the hash of the document is then encrypted with the signer's private key, and the result is the digital signature.)
Trapdoor One-way Function
• A trapdoor one-way function is a special type of one-way function, one with a secret trapdoor. It is easy to compute in one direction and hard to compute in the other direction. But if you know the secret, you can easily compute the function in the other direction.
• That is, it is easy to compute f(x) given x, and hard to compute x given f(x). However, there is some secret information, y, such that given f(x) and y it is easy to compute x.
• A watch is a good example of a trapdoor one-way function. It is easy to disassemble a watch into hundreds of pieces. It is very difficult to put those tiny pieces back together into a working watch. However, with the assembly instructions it is much easier.
What is a Birthday Attack
• A birthday attack is a name used to refer to a class of brute-force attacks. It is a type of cryptographic attack that exploits the mathematics behind the birthday problem in probability theory. This attack can be used to abuse communication between two or more parties.
• It gets its name from the surprising result that the probability that two or more people in a group of 23 share the same birthday is greater than 50.7%. Such a result is called the birthday paradox.
• Birthday attacks are often used to find collisions of hash functions. However, to understand the birthday attack we first have to study the birthday problem.
Birthday Problem
• In probability theory, the birthday problem or birthday paradox concerns the probability that, in a set of randomly chosen people, some pair of them will have the same birthday.
• By the pigeonhole principle, the probability reaches 100% when the number of people reaches 367, since there are 366 possible birthdays, including February 29.
• However, 99.9% probability is reached with just 70 people, and 50% probability with 23 people. These conclusions include the assumption that each day of the year (except February 29) is equally probable for a birthday.
• The mathematics behind this problem led to a well-known cryptographic attack called the birthday attack, which uses this probabilistic model to reduce the complexity of finding a collision for a hash function.
Mathematical base of Birthday Problem
• The problem is to compute the approximate probability that in a group of n people, at least two have the same birthday.
• The goal is to compute P(A), the probability that at least two people in the room have the same birthday.
• However, it is simpler to calculate P(A'), the probability that no two people in the room have the same birthday. Because A and A' are the only two possibilities and are also mutually exclusive, P(A) = 1 − P(A').
• When events are independent of each other, the probability of all of the events occurring is equal to the product of the probabilities of each of the events occurring. Therefore, if P(A') can be described as 23 independent events, P(A') can be calculated as P(1) × P(2) × P(3) × ... × P(23).
Mathematical base of Birthday Problem
• The 23 independent events correspond to the 23 people, and can be defined in order. Each event is defined as the corresponding person not sharing his/her birthday with any of the previously analyzed people.
• For Event 1, there are no previously analyzed people. Therefore the probability, P(1), that Person 1 does not share his/her birthday with previously analyzed people is 1, or 100%.
• Ignoring leap years for this analysis, the probability for Person 1 can also be written as 365/365, for reasons that will become clear below.
• For Event 2, the only previously analyzed person is Person 1. Assuming that birthdays are equally likely to happen on each of the 365 days of the year, the probability, P(2), that Person 2 has a different birthday than Person 1 is 364/365. This is because, if Person 2 was born on any of the other 364 days of the year, Persons 1 and 2 will not share the same birthday.
Mathematical base of Birthday Problem
• Similarly, if Person 3 is born on any of the 363 days of the year other than the birthdays of Persons 1 and 2, Person 3 will not share their birthday. This makes the probability P(3) = 363/365.
• P(A') is equal to the product of these individual probabilities:
P(A') = P(1) × P(2) × P(3) × ... × P(23) = (365/365) × (364/365) × (363/365) × ... × (343/365)
• Finally, P(A') = 0.492703.
• Now, as P(A) = 1 − P(A'), P(A) = 1 − 0.492703 = 0.507297, or 50.7%.
• So the probability that 2 persons in a group of 23 people have the same birthday is 50.7%.
Mathematical base of Birthday Problem
• So the probability that 2 persons in a group of 23 people have the same birthday is P(A) = 1 − P(A'), where P(A') is the probability that no two of the 23 people have the same birthday.
• Then we can write in general: the probability that 2 persons in a group of n people have the same birthday is P(A) = 1 − P(A'), where P(A') = (365/365) × (364/365) × ... × ((365 − n + 1)/365).
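The derivation above carried out numerically, as an added Python example that is not part of the original slides. It also goes one step further than the slides and applies the same argument to a hash function with 2^bits possible outputs, which is where the 2^64 and 2^80 figures on the "Length of One-way Hash Function" slide come from; the function names are this example's own.

```python
import math


def prob_no_shared_birthday(n: int, days: int = 365) -> float:
    """P(A'): probability that no two of n people share a birthday, as the
    product of the per-person terms 365/365 * 364/365 * 363/365 * ... from the slides."""
    p = 1.0
    for i in range(n):
        p *= (days - i) / days   # person i+1 must avoid the i birthdays already taken
    return p


def prob_shared_birthday(n: int, days: int = 365) -> float:
    """P(A) = 1 - P(A'): probability that at least two of n people share a birthday."""
    return 1.0 - prob_no_shared_birthday(n, days)


def people_for_probability(target: float, days: int = 365) -> int:
    """Smallest group size whose collision probability reaches the target."""
    n = 1
    while prob_shared_birthday(n, days) < target:
        n += 1
    return n


def prob_hash_collision(samples: float, bits: int) -> float:
    """The same argument for a hash with 2^bits possible outputs, using the usual
    approximation P(A) ~ 1 - exp(-k^2 / 2^(bits+1)) for k random inputs
    (the exact product is impractical for k around 2^64)."""
    return 1.0 - math.exp(-(samples ** 2) / 2.0 ** (bits + 1))


def birthday_bound(bits: int) -> float:
    """Number of random hashes after which a collision becomes likely: 2^(bits/2)."""
    return 2.0 ** (bits / 2)


if __name__ == "__main__":
    print("P(A') for 23 people:", round(prob_no_shared_birthday(23), 6))
    print("P(A)  for 23 people:", round(prob_shared_birthday(23), 6))
    print("people needed for 50%:", people_for_probability(0.5))
    for bits in (64, 128, 160):
        k = birthday_bound(bits)
        print(f"{bits}-bit hash: 2^{bits // 2} samples give collision probability "
              f"{prob_hash_collision(k, bits):.3f}")
```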
Snefru: Hash Algorithm
• Snefru is a cryptographic hash function invented by Ralph Merkle in 1990 while working at Xerox PARC. It was named after the Egyptian Pharaoh Sneferu, continuing the tradition of the Khufu and Khafre block ciphers.
• The function supports 128-bit and 256-bit output, meaning Snefru hashes arbitrary-length messages into either 128-bit or 256-bit values.
• The original design of Snefru was shown to be insecure by Eli Biham and Adi Shamir, who were able to use differential cryptanalysis to find hash collisions.
MD4 Hashing
• Both MD4 and MD5 were invented by Ron Rivest. MD stands for Message Digest. The algorithms produce 128-bit hash values.
• MD4 takes a message of arbitrary length as input and produces a 128-bit "fingerprint" or "message digest" or hash value as output.
• It is computationally infeasible to produce two messages having the same message digest.
• This algorithm has influenced later algorithms like MD5, SHA and RIPEMD.
• MD4 is used to compute NTLM password-derived key digests on Microsoft Windows NT, XP, Vista and 7.
MD4 Hashing
MD4("The quick brown fox jumps over the lazy dog") = 1bee69a46ba811185c194762abaeae90
Even a small change in the message will (with overwhelming probability) result in a completely different hash, e.g. changing d to c:
MD4("The quick brown fox jumps over the lazy cog") = b86e130ce7028da59e672d56ad0113df
The hash of the zero-length string is:
MD4("") = 31d6cfe0d16ae931b73c59d7e0c089c0
MD4 Algorithm
• We begin by supposing that we have a b-bit message as input, and that we wish to find its message digest. Here b is an arbitrary non-negative integer; b may be zero, it need not be a multiple of 8, and it may be arbitrarily large. We imagine the bits of the message written down as follows: m0 m1 m2 m3 ... m(b−1)
Little VS Big Endian
• We have defined a word to mean 32 bits. This is the same as 4 bytes. Integers, single-precision floating point numbers, and MIPS instructions are all 32 bits long. How can we store these values into memory? After all, each memory address can store a single byte, not 4 bytes.
• The answer is simple. We split the 32-bit quantity into 4 bytes. For example, suppose we have a 32-bit quantity written in hexadecimal as 90AB12CD. Since each hex digit is 4 bits, we need 8 hex digits to represent the 32-bit value.
• So the 4 bytes are 90, AB, 12, CD, where each byte requires 2 hex digits.
• It turns out there are two ways to store this in memory.
Little VS Big Endian
Little Endian
• In little endian, you store the least significant byte in the smallest address. That is, the least significant byte is stored first.
Address  Value
1000     CD
1001     12
1002     AB
1003     90
Big Endian
• In big endian, you store the most significant byte in the smallest address, which is the reverse order compared to little endian.
Address  Value
1000     90
1001     AB
1002     12
1003     CD
MD4: Append bits
• Step 1. Append padding bits: The message is padded (extended) so that its length (in bits) is congruent to 448, modulo 512. That is, the message is extended so that it is just 64 bits shy (short) of being a multiple of 512 bits long. Padding is always performed, even if the length of the message is already congruent to 448, modulo 512 (in which case 512 bits of padding are added).
• Padding is performed as follows: a single "1" bit is appended to the message, and then enough zero bits are appended so that the length in bits of the padded message becomes congruent to 448, modulo 512. (This padding operation is invertible, so that different inputs yield different outputs; this would not be true if we merely padded with 0's.)
MD4: Append Length
• Step 2. Append length: A 64-bit representation of b (the length of the message before the padding bits were added) is appended to the result of the previous step. These bits are appended as two 32-bit words, low-order word first, in accordance with the previous conventions. In the unlikely event that b is greater than 2^64, only the low-order 64 bits of b are used.
• At this point the resulting message (after padding with bits and with b) has a length that is an exact multiple of 512 bits. Equivalently, this message has a length that is an exact multiple of 16 (32-bit) words. Let M[0 .. N − 1] denote the words of the resulting message, where N is a multiple of 16.
MD4: Initialize MD Buffer
• Step 3. Initialize MD buffer: A 4-word buffer (A, B, C, D) is used to compute the message digest. Here each of A, B, C, D is a 32-bit register. These registers are initialized to the following values (in hexadecimal, low-order bytes first):
word A: 01 23 45 67
word B: 89 ab cd ef
word C: fe dc ba 98
word D: 76 54 32 10
MD4: Process Message
• Step 4. Process message in 16-word blocks: The message is processed in 16-word blocks. It contains 3 rounds with 16 steps or operations each (MD5 has 4 rounds). Each operation takes three 32-bit words as input and produces one 32-bit word as output.
• We first define three auxiliary functions that each take as input three 32-bit words and produce as output one 32-bit word:
F(X, Y, Z) = (X ∧ Y) ∨ (¬X ∧ Z) [steps 0 to 15]
G(X, Y, Z) = (X ∧ Y) ∨ (X ∧ Z) ∨ (Y ∧ Z) [steps 16 to 31]
H(X, Y, Z) = X ⊕ Y ⊕ Z [steps 32 to 47]
where ⊕ is XOR, ∧ is AND, ∨ is OR and ¬ is NOT.
• In each bit position F acts as a conditional: if X then Y else Z. In each bit position G acts as a majority function: if at least two of X, Y, Z are one, then G has a one in that position. The function H is the bit-wise XOR or parity function.
• MD4 utilizes two "magic constants" in rounds two and three.
MD4: Output Message
• Step 5. Output: The message digest produced as output is A, B, C, D. That is, we begin with the low-order byte of A, and end with the high-order byte of D.
MD4 Design Goal
• Rivest outlined his design goals for the algorithm:
1. Security: It is computationally infeasible to find two messages that hash to the same value.
2. Direct Security: MD4's security is not based on any assumption other than the computational efficiency of computers.
3. Attack: No attack is more efficient than brute force.
4. Speed: MD4 is suitable for high-speed software implementations. It is based on a simple set of bit manipulations on 32-bit operands.
5. Simplicity and Compactness: MD4 is as simple as possible, without large data structures or a complicated program.
6. Favor Little-Endian Architectures: Meaning it stores the least-significant byte of a word in the low-address byte position (the rightmost position). MD4 is optimized for microprocessor architectures (specifically Intel microprocessors); larger and faster computers make any necessary translations.
Security of MD4
• The security of MD4 has been severely compromised. The first full collision attack against MD4 was published in 1995 and several newer attacks have been published since then. As of 2007, an attack can generate collisions in less than 2 MD4 hash operations. A theoretical preimage attack also exists.
• For evaluating the strength of a hash function, two concepts are in use:
1. Resistance to preimage attack: given a hash value, obtain a message that has that hash value.
2. Resistance to collision attack: obtain two messages that have the same hash.
MD4 VS MD5
• Actually, neither MD4 nor MD5 is an encryption algorithm; they are hash functions that produce a 128-bit hash value. They are sometimes used together with encryption algorithms.
• The following are the differences between MD4 and MD5:
1. A fourth round has been added.
2. Each step now has a unique additive constant.
3. The function G in round 2 was changed from (X∧Y) ∨ (X∧Z) ∨ (Y∧Z) to (X∧Z) ∨ (Y∧¬Z) to make G less symmetric.
4. Each step now adds in the result of the previous step. This promotes a faster "avalanche effect".
5. The order in which input words are accessed in rounds 2 and 3 is changed, to make these patterns less like each other.
6. The shift amounts in each round have been approximately optimized, to yield a faster "avalanche effect". The shifts in different rounds are distinct.
MD5 Hashing
• The MD5 message-digest algorithm is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32-digit hexadecimal number. MD5 was invented by Ron Rivest as an improved version of MD4.
• MD5 has been utilized in a wide variety of cryptographic applications, and is also commonly used to verify data integrity. It is intended for use where a large file must be "compressed" in a secure manner before being encrypted with a private key under a public-key cryptosystem such as PGP.
• MD5 can be used to store a one-way hash of a password, often with key stretching.
Security of MD5
• In 2004 it was shown that MD5 is not collision resistant. As such, MD5 is not suitable for applications like SSL certificates or digital signatures that rely on this property for digital security.
• Also in 2004, more serious flaws were discovered in MD5, making further use of the algorithm for security purposes questionable. Specifically, a group of researchers described how to create a pair of files that share the same MD5 checksum.
• Further advances were made in breaking MD5 in 2005, 2006 and 2007.
• In December 2008, a group of researchers used this technique to fake SSL certificate validity, and the CMU Software Engineering Institute now says that "MD5 should be considered cryptographically broken and unsuitable for further use".
MD5: Append bits
• Step 1. Append padding bits: The message is padded (extended) so that its length (in bits) is congruent to 448, modulo 512. That is, the message is extended so that it is just 64 bits shy (short) of being a multiple of 512 bits long. Padding is always performed, even if the length of the message is already congruent to 448, modulo 512 (in which case 512 bits of padding are added).
• Padding is performed as follows: a single "1" bit is appended to the message, and then enough zero bits are appended so that the length in bits of the padded message becomes congruent to 448, modulo 512. (This padding operation is invertible, so that different inputs yield different outputs; this would not be true if we merely padded with 0's.)
MD5: Append Length
• Step 2. Append length: A 64-bit representation of b (the length of the message before the padding bits were added) is appended to the result of the previous step. These bits are appended as two 32-bit words, low-order word first, in accordance with the previous conventions. In the unlikely event that b is greater than 2^64, only the low-order 64 bits of b are used.
• At this point the resulting message (after padding with bits and with b) has a length that is an exact multiple of 512 bits. Equivalently, this message has a length that is an exact multiple of 16 (32-bit) words. Let M[0 .. N − 1] denote the words of the resulting message, where N is a multiple of 16.
MD5: Initialize MD Buffer
• Step 3. Initialize MD buffer: A 4-word buffer (A, B, C, D) is used to compute the message digest. Here each of A, B, C, D is a 32-bit register. These registers are initialized to the following values (in hexadecimal, low-order bytes first):
word A: 01 23 45 67
word B: 89 ab cd ef
word C: fe dc ba 98
word D: 76 54 32 10
• These are called chaining variables.
MD5: Process Message
• Step 4. Process message in 16-word blocks: The message is processed in 16-word blocks. It contains 4 rounds with 16 steps or operations each (MD4 has 3 rounds). Each operation takes three 32-bit words as input and produces one 32-bit word as output.
• We first define four auxiliary functions that each take as input three 32-bit words and produce as output one 32-bit word:
F(X, Y, Z) = (X ∧ Y) ∨ (¬X ∧ Z) [steps 0 to 15]
G(X, Y, Z) = (X ∧ Z) ∨ (Y ∧ ¬Z) [steps 16 to 31]
H(X, Y, Z) = X ⊕ Y ⊕ Z [steps 32 to 47]
I(X, Y, Z) = Y ⊕ (X ∨ ¬Z) [steps 48 to 63]
• In each bit position F acts as a conditional: if X then Y else Z. In each bit position G acts as a majority function: if at least two of X, Y, Z are one, then G has a one in that position. The function H is the bit-wise XOR or parity function.
• MD4 utilizes two "magic constants" in rounds two and three: the round-two constant is derived from the square root of 2 and the round-three constant from the square root of 3.
MD5: Output Message
• Step 5. Output: The message digest produced as output is A, B, C, D. That is, we begin with the low-order byte of A, and end with the high-order byte of D.
Main Loop of MD5
One MD5 Operation
• MD4 consists of 48 of these operations, grouped in 3 rounds of 16 operations.
• MD5 consists of 64 of these operations, grouped in 4 rounds of 16 operations.
• F is a nonlinear function; one function is used in each round.
• M_i denotes a 32-bit block of the message input, and K_i denotes a 32-bit constant, different for each operation.
MD5: Applications
• MD5 digests have been widely used in the software world to provide some assurance that a transferred file has arrived intact. For example, file servers often provide a pre-computed MD5 checksum (known as an md5sum) for the files, so that a user can compare the checksum of the downloaded file to it.
• Most Unix-based operating systems include MD5 sum utilities in their distribution packages.
• Windows users may install a Microsoft utility or use third-party applications.
• Android ROMs also utilize this type of checksum.
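The check described on the "Verifying the Integrity" slide and on the MD5 applications slide, as an added Python example that is not from the original slides: the site publishes a line in the md5sum/sha256sum format "<hexdigest>  <filename>", and the user re-hashes the downloaded file chunk by chunk and compares the result. The sample bundle and the function names are constructed for this example.

```python
import hashlib
import hmac
import io

# A published hex digest identifies its algorithm by length (md5sum, sha1sum, sha256sum output).
DIGEST_ALGOS = {32: "md5", 40: "sha1", 64: "sha256"}


def digest_stream(stream, algo: str, chunk_size: int = 1 << 20) -> str:
    """Hash a possibly large file incrementally, chunk by chunk, as md5sum does."""
    h = hashlib.new(algo)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def checksum_line(data: bytes, name: str, algo: str = "md5") -> str:
    """Produce the '<hexdigest>  <filename>' line a download site would publish."""
    return f"{digest_stream(io.BytesIO(data), algo)}  {name}"


def parse_checksum_line(line: str):
    """Return (algo, hexdigest, filename) for one published checksum line."""
    digest, _, name = line.strip().partition("  ")
    digest = digest.lower()
    algo = DIGEST_ALGOS.get(len(digest))
    if algo is None or not name or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("unrecognised checksum line")
    return algo, digest, name.lstrip("*")   # a leading '*' marks binary mode in md5sum output


def verify_download(data: bytes, published_line: str) -> bool:
    """Recompute the digest of the downloaded bytes and compare it to the published one."""
    algo, expected, _ = parse_checksum_line(published_line)
    actual = digest_stream(io.BytesIO(data), algo)
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Constructed sample "download" for this example; not a real file or real published hash.
    bundle = b"example-installer-1.0\n" * 50_000
    line = checksum_line(bundle, "example-installer-1.0.tar.gz", "sha256")
    print("published :", line)
    print("intact    :", verify_download(bundle, line))
    print("tampered  :", verify_download(bundle[:-1] + b"?", line))
```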
SHA: Secure Hashing Algorithm
• The Secure Hash Algorithm is a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS).
• It includes the following variations:
1. SHA
2. SHA-0
3. SHA-1
4. SHA-2
5. SHA-3
• SHA is called secure because it is designed to be computationally infeasible to find two different messages which produce the same message digest. Any change to a message in transit will result in a different message digest, and the signature will fail to verify.
• The Secure Hash Algorithm (SHA) is necessary to ensure the security of the Digital Signature Algorithm (DSA). It takes a message of any length < 2^64 bits as input and produces a 160-bit message digest as output.
• The message digest is then input to the DSA, which computes the signature for the message. Signing the message digest rather than the message often improves the efficiency of the process, because the message digest is usually much smaller than the message.
SHA: Variations
• SHA: The original version, a 160-bit hash function published in 1993.
• SHA-0: A retronym applied to the original version of the 160-bit hash function published in 1993 under the name "SHA". It was withdrawn shortly after publication due to an undisclosed "significant flaw" and replaced by the slightly revised version SHA-1.
• SHA-1: A 160-bit hash function which resembles the earlier MD5 algorithm. This was designed by the NSA to be part of the Digital Signature Algorithm. Cryptographic weaknesses were discovered in SHA-1, and the standard was no longer approved for most cryptographic uses after 2010.
SHA: Variations
• SHA-2: A family of two similar hash functions, known as SHA-256 and SHA-512, with different block sizes. Both algorithms belong to SHA-2. They differ in the word size: SHA-256 uses 32-bit words where SHA-512 uses 64-bit words. There are also truncated versions of each standard, known as SHA-224, SHA-384, SHA-512/224 and SHA-512/256. These were also designed by the NSA.
• SHA-3: A hash function formerly called Keccak, chosen in 2012 after a public competition among non-NSA designers. It supports the same hash lengths as SHA-2 but its internal structure differs significantly from the rest of the SHA family.
SHA: Append Bits
• Suppose we are given a b-bit message as input and we need to find its message digest.
• Step 1. Append padding bits: The message is padded exactly as in MD5.
• The message is padded (extended) so that its length (in bits) is congruent to 448, modulo 512. That is, the message is extended so that it is just 64 bits shy (short) of being a multiple of 512 bits long. Padding is always performed, even if the length of the message is already congruent to 448, modulo 512 (in which case 512 bits of padding are added).
• Padding is performed as follows: a single "1" bit is appended to the message, and then enough zero bits are appended so that the length in bits of the padded message becomes congruent to 448, modulo 512.
• Step 2. Append length: A 64-bit representation of the message length b is appended to the result of the previous step. The resulting message has a length that is an exact multiple of 512 bits.
• Step 3. Initialize MD buffer: A five-word buffer (A, B, C, D, E) is used to compute the message digest. Here each of A, B, C, D, E is a 32-bit register. These registers are initialized to the following values in hexadecimal:
Word A: 67 45 23 01
Word B: ef cd ab 89
Word C: 98 ba dc fe
Word D: 10 32 54 76
Word E: c3 d2 e1 f0
• These are called chaining variables.
SHA: Process Message
• Step 4. Process message in 16-word blocks: It contains 4 rounds with 20 steps or operations each (MD4 has 3 and MD5 has 4 rounds). Four auxiliary functions take three 32-bit words as input and produce one 32-bit word as output:
f_t(X, Y, Z) = (X ∧ Y) ∨ (¬X ∧ Z) for t = 0 to 19
f_t(X, Y, Z) = X ⊕ Y ⊕ Z for t = 20 to 39
f_t(X, Y, Z) = (X ∧ Y) ∨ (X ∧ Z) ∨ (Y ∧ Z) for t = 40 to 59
f_t(X, Y, Z) = X ⊕ Y ⊕ Z for t = 60 to 79
• Step 5. Output: The message digest produced as output is A, B, C, D, E. That is, the output begins with the low-order byte of A and ends with the high-order byte of E.
SHA-1 VS MD5
1. Brute force attack is harder (160 vs 128 bits for MD5).
2. Not vulnerable to any known attacks (compared to MD4/MD5).
3. A little slower than MD5 (80 vs 64 steps).
4. Both designed to be simple and compact.
5. Optimised for big-endian CPUs (vs MD5, which is optimised for little-endian CPUs).
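Steps 1 to 5 of MD4 (the slides "MD4: Append bits" through "MD4: Output Message") and of SHA-1 (the two SHA step slides) carried out in working code, as an added Python example that is not from the original slides. It reproduces the MD4 test vectors given on the "MD4 Hashing" slide, shows the little-endian versus big-endian difference from the comparison above inside one shared padding routine, and measures the avalanche effect on the dog/cog pair; the helper names are this example's own.

```python
import struct

MASK = 0xFFFFFFFF


def rotl(x: int, n: int) -> int:
    """32-bit left circular shift."""
    return ((x << n) | (x >> (32 - n))) & MASK


def pad_message(msg: bytes, length_order: str) -> bytes:
    """Steps 1 and 2 shared by MD4, MD5 and SHA-1: append a single 1 bit (0x80),
    then zero bits until the length is 448 mod 512, then the original bit length
    as a 64-bit integer (only its low 64 bits). MD4/MD5 write that length
    low-order word first ('<'); SHA-1 writes it big-endian ('>')."""
    padded = msg + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + struct.pack(length_order + "Q", (len(msg) * 8) & 0xFFFFFFFFFFFFFFFF)


def F(x, y, z): return (x & y) | (~x & MASK & z)    # conditional: if x then y else z
def G(x, y, z): return (x & y) | (x & z) | (y & z)  # majority
def H(x, y, z): return x ^ y ^ z                    # parity (bit-wise XOR)

# MD4 word-access order for rounds 2 and 3, and the shift amounts per round.
MD4_ORDER2 = (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)
MD4_ORDER3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
MD4_SHIFTS = ((3, 7, 11, 19), (3, 5, 9, 13), (3, 9, 11, 15))


def md4(msg: bytes) -> str:
    """MD4: 3 rounds of 16 steps per 16-word block; words are little-endian."""
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476   # step 3
    data = pad_message(msg, "<")                                   # steps 1-2
    for off in range(0, len(data), 64):                            # step 4
        X = struct.unpack("<16I", data[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for i in range(48):
            r, j = divmod(i, 16)
            if r == 0:
                f, k, kc = F, j, 0
            elif r == 1:
                f, k, kc = G, MD4_ORDER2[j], 0x5A827999   # magic constant from sqrt(2)
            else:
                f, k, kc = H, MD4_ORDER3[j], 0x6ED9EBA1   # magic constant from sqrt(3)
            # one operation updates one register, then the roles rotate A->D->C->B
            a, b, c, d = d, rotl((a + f(b, c, d) + X[k] + kc) & MASK, MD4_SHIFTS[r][j % 4]), b, c
        a, b, c, d = (a + aa) & MASK, (b + bb) & MASK, (c + cc) & MASK, (d + dd) & MASK
    return struct.pack("<4I", a, b, c, d).hex()                    # step 5: low byte of A first


SHA1_CONSTANTS = (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6)


def sha1(msg: bytes) -> str:
    """SHA-1: 4 rounds of 20 steps (80 in all) per block; words are big-endian,
    there are five chaining variables A..E, and each 16-word block is expanded to 80 words."""
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]  # step 3
    data = pad_message(msg, ">")                                      # steps 1-2
    for off in range(0, len(data), 64):                               # step 4
        w = list(struct.unpack(">16I", data[off:off + 64]))
        for t in range(16, 80):   # message schedule (the cyclic-code expansion)
            w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = h
        for t in range(80):
            r = t // 20
            f = (F, H, G, H)[r](b, c, d)   # f_t: conditional, parity, majority, parity
            tmp = (rotl(a, 5) + f + e + SHA1_CONSTANTS[r] + w[t]) & MASK
            a, b, c, d, e = tmp, a, rotl(b, 30), c, d
        h = [(x + y) & MASK for x, y in zip(h, (a, b, c, d, e))]
    return struct.pack(">5I", *h).hex()                               # step 5: A first, E last


def bit_difference(hex_a: str, hex_b: str) -> int:
    """Number of output bits that differ between two hex digests (avalanche measure)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


if __name__ == "__main__":
    dog = b"The quick brown fox jumps over the lazy dog"
    cog = b"The quick brown fox jumps over the lazy cog"   # one character changed
    print("MD4  :", md4(dog))
    print("SHA-1:", sha1(dog))
    print("bits flipped by d->c: MD4", bit_difference(md4(dog), md4(cog)), "of 128,",
          "SHA-1", bit_difference(sha1(dog), sha1(cog)), "of 160")
```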
Security of SHA
• Ron Rivest outlined the improvements of MD5 with respect to MD4; SHA compares against each of them as follows:
1. "A fourth round has been added." SHA does this too, but in SHA the 4th round uses the same f function as the 2nd round.
2. "Each step now has a unique additive constant." But SHA reuses the constants for each group of 20 rounds, like MD4.
3. "The function G in round 2 was changed from (X∧Y) ∨ (X∧Z) ∨ (Y∧Z) to (X∧Z) ∨ (Y∧¬Z) to make G less symmetric." SHA uses the MD4 version, (X∧Y) ∨ (X∧Z) ∨ (Y∧Z).
4. "The order in which message sub-blocks are accessed in rounds 2 and 3 is changed." SHA is completely different: it uses a cyclic error-correcting code.
5. "Each step now adds in the result of the previous step. This promotes a faster avalanche effect." SHA also follows this change.
6. "The amounts of left circular shift in each round have been approximately optimized, to yield a faster avalanche effect. The four shifts used in each round are different from the ones used in other rounds." SHA uses a constant amount of shift in each round, like MD4.
References
• http://en.wikipedia.org/wiki/
• Applied Cryptography by Bruce Schneier, 10th Anniversary edition
Md. Shakhawat Hossain
Student of Department of Computer Science & Engineering, University of Rajshahi
E-mail: mshimul86@gmail.com

Computer Security Lecture 3: Classical Encryption Techniques 2
 
block ciphers
block ciphersblock ciphers
block ciphers
 
Cryptography ppt
Cryptography pptCryptography ppt
Cryptography ppt
 
substitution and transposition techniques_ppt.pptx
substitution and transposition techniques_ppt.pptxsubstitution and transposition techniques_ppt.pptx
substitution and transposition techniques_ppt.pptx
 
Principles of public key cryptography and its Uses
Principles of  public key cryptography and its UsesPrinciples of  public key cryptography and its Uses
Principles of public key cryptography and its Uses
 
Cryptography
CryptographyCryptography
Cryptography
 
Hash Function
Hash FunctionHash Function
Hash Function
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
DES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationDES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentation
 
Idea(international data encryption algorithm)
Idea(international data encryption algorithm)Idea(international data encryption algorithm)
Idea(international data encryption algorithm)
 
RC4&RC5
RC4&RC5RC4&RC5
RC4&RC5
 
Information and data security cryptographic hash functions
Information and data security cryptographic hash functionsInformation and data security cryptographic hash functions
Information and data security cryptographic hash functions
 
Dss digital signature standard and dsa algorithm
Dss  digital signature standard and dsa algorithmDss  digital signature standard and dsa algorithm
Dss digital signature standard and dsa algorithm
 

Similar to Hashing

Finally, in responding to your peers’ posts, assess your peers’ reco.docx
Finally, in responding to your peers’ posts, assess your peers’ reco.docxFinally, in responding to your peers’ posts, assess your peers’ reco.docx
Finally, in responding to your peers’ posts, assess your peers’ reco.docxRAJU852744
 
unit 4.pptx of hash function in cryptography
unit 4.pptx of hash function in cryptographyunit 4.pptx of hash function in cryptography
unit 4.pptx of hash function in cryptographyNithyasriA2
 
The MD5 hashing algorithm
The MD5 hashing algorithmThe MD5 hashing algorithm
The MD5 hashing algorithmBob Landstrom
 
NSC_Unit-III_final.ppt
NSC_Unit-III_final.pptNSC_Unit-III_final.ppt
NSC_Unit-III_final.pptDrVASAVIBANDE
 
2 Cryptographic_Hash_Functions.pptx
2 Cryptographic_Hash_Functions.pptx2 Cryptographic_Hash_Functions.pptx
2 Cryptographic_Hash_Functions.pptxChinnu Chinnu
 
Password cracking
Password crackingPassword cracking
Password crackingIlan Mindel
 
Information and network security 38 birthday attacks and security of hash fun...
Information and network security 38 birthday attacks and security of hash fun...Information and network security 38 birthday attacks and security of hash fun...
Information and network security 38 birthday attacks and security of hash fun...Vaibhav Khanna
 
Cryptography and Network Security Principles and PracticeSeve.docx
Cryptography and Network Security Principles and PracticeSeve.docxCryptography and Network Security Principles and PracticeSeve.docx
Cryptography and Network Security Principles and PracticeSeve.docxmydrynan
 
secure hash function for authentication in CNS
secure hash function for authentication in CNSsecure hash function for authentication in CNS
secure hash function for authentication in CNSNithyasriA2
 

Similar to Hashing (20)

Hash Function.pdf
Hash Function.pdfHash Function.pdf
Hash Function.pdf
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Finally, in responding to your peers’ posts, assess your peers’ reco.docx
Finally, in responding to your peers’ posts, assess your peers’ reco.docxFinally, in responding to your peers’ posts, assess your peers’ reco.docx
Finally, in responding to your peers’ posts, assess your peers’ reco.docx
 
unit 4.pptx of hash function in cryptography
unit 4.pptx of hash function in cryptographyunit 4.pptx of hash function in cryptography
unit 4.pptx of hash function in cryptography
 
Hashing
HashingHashing
Hashing
 
The MD5 hashing algorithm
The MD5 hashing algorithmThe MD5 hashing algorithm
The MD5 hashing algorithm
 
NSC_Unit-III_final.ppt
NSC_Unit-III_final.pptNSC_Unit-III_final.ppt
NSC_Unit-III_final.ppt
 
2 Cryptographic_Hash_Functions.pptx
2 Cryptographic_Hash_Functions.pptx2 Cryptographic_Hash_Functions.pptx
2 Cryptographic_Hash_Functions.pptx
 
Unit 4
Unit 4Unit 4
Unit 4
 
Password cracking
Password crackingPassword cracking
Password cracking
 
SPIE-2014
SPIE-2014SPIE-2014
SPIE-2014
 
Information and network security 38 birthday attacks and security of hash fun...
Information and network security 38 birthday attacks and security of hash fun...Information and network security 38 birthday attacks and security of hash fun...
Information and network security 38 birthday attacks and security of hash fun...
 
Cryptography and Network Security Principles and PracticeSeve.docx
Cryptography and Network Security Principles and PracticeSeve.docxCryptography and Network Security Principles and PracticeSeve.docx
Cryptography and Network Security Principles and PracticeSeve.docx
 
secure hash function for authentication in CNS
secure hash function for authentication in CNSsecure hash function for authentication in CNS
secure hash function for authentication in CNS
 

More from Hossain Md Shakhawat

More from Hossain Md Shakhawat (20)

Recipe for the effective presentaion
Recipe for the effective presentaionRecipe for the effective presentaion
Recipe for the effective presentaion
 
The Road to Higher study in Japan
The Road to Higher study in JapanThe Road to Higher study in Japan
The Road to Higher study in Japan
 
Application of dfs
Application of dfsApplication of dfs
Application of dfs
 
Breadth first search and depth first search
Breadth first search and  depth first searchBreadth first search and  depth first search
Breadth first search and depth first search
 
Islamic jurisprudence
Islamic jurisprudenceIslamic jurisprudence
Islamic jurisprudence
 
Introduction to Medical Imaging
Introduction to Medical ImagingIntroduction to Medical Imaging
Introduction to Medical Imaging
 
Jpeg compression
Jpeg compressionJpeg compression
Jpeg compression
 
Surah Fatiha
Surah FatihaSurah Fatiha
Surah Fatiha
 
Decision making and looping
Decision making and loopingDecision making and looping
Decision making and looping
 
Decision making and branching
Decision making and branchingDecision making and branching
Decision making and branching
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Caesar cipher
Caesar cipherCaesar cipher
Caesar cipher
 
Rsa rivest shamir adleman
Rsa rivest shamir adlemanRsa rivest shamir adleman
Rsa rivest shamir adleman
 
Fundamentals of cryptography
Fundamentals of cryptographyFundamentals of cryptography
Fundamentals of cryptography
 
Introduction to programming with c,
Introduction to programming with c,Introduction to programming with c,
Introduction to programming with c,
 
Introduction to digital image processing
Introduction to digital image processingIntroduction to digital image processing
Introduction to digital image processing
 
History of computing
History of computingHistory of computing
History of computing
 
Introduction to Printers
Introduction to PrintersIntroduction to Printers
Introduction to Printers
 
Input devices_(Mouse and Keyboard)
Input devices_(Mouse and Keyboard)Input devices_(Mouse and Keyboard)
Input devices_(Mouse and Keyboard)
 
Binary search tree(bst)
Binary search tree(bst)Binary search tree(bst)
Binary search tree(bst)
 

Recently uploaded

How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology  ( Production , Purification , and Application  ) Hybridoma Technology  ( Production , Purification , and Application  )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 

Recently uploaded (20)

How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology  ( Production , Purification , and Application  ) Hybridoma Technology  ( Production , Purification , and Application  )
Hybridoma Technology ( Production , Purification , and Application )
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 

Hashing

  • 2. Hash AlgorithmHash Algorithm  A hash algorithm is a one way function that converts a data string into a numeric string output of fixed length. The output string is generally much smaller than the original data. Therefore it is also called message digest or message compression algorithm.  Hash algorithms are designed to be collision-resistant, meaning that there is a very low probability that the same string would be created for different data.  Two of the most common hash algorithms are the MD5 (Message-Digest algorithm 5) and the SHA-1 (Secure Hash Algorithm). MD5 Message Digest checksums are commonly used to validate data integrity when digital files are transferred or stored.
  • 3. One-way Hash FunctionOne-way Hash Function  The notion of a one-way function is central to public-key cryptography.  A one-way hash function is a mathematical function which takes a variable-length input string (called pre-image) and converts it into a fixed-length binary sequence (called hash value).  It is also known as a message digest, fingerprint or compression function,  Furthermore, a one-way hash function is designed in such a way that it is hard to reverse the process, that is, it is easy to compute a hash value from pre-image but it is hard to generate a pre-image that hashes to a particular value.
  • 4. Documents e.g. 10-MB Hash Value e.g.160-Bit Hash Function Compress Function A one way hash function H(M) operates on an arbitrary length pre-image message M, and return a fixed length hash value h. h=H(M) ,where h is the length of m One-way Hash FunctionOne-way Hash Function
  • 5.  Many functions can take an arbitrary-length input and return an output of fixed length, but one-way hash functions have additional characteristics that make them one-way: 1. It is relatively easy to compute, but significantly harder to reverse. That is, given M it is easy to compute H(M), but given H(M) it is hard to compute x. 2. Moreover it is also very hard to find another message M’ such that H(M’)=H(M). In other words it is collision resistant.  In this context, "hard" is defined as something like: It would take millions of years to compute M from H(M), even if all the computers in the world were assigned to the problem. One-way Hash FunctionOne-way Hash Function
  • 6.  When applying digital signature to a document, we no longer need to encrypt the entire document with a sender's private key, it can be extremely slow. It is sufficient to encrypt the document's hash value instead. Therefor hash algorithm is used to digest the message before applying DSA.  Although a one-way hash function is used mostly for generating digital signatures, it can have other practical applications as well, such as message integrity, password verification, generation of pseudorandom bits, file identification and message authentication code (MAC.)  The Microsoft cryptographic providers support these hash algorithms: MD4, MD5, SHA-1 and SHA256. One-way Hash FunctionOne-way Hash Function
  • 7.  Hash functions of 64 bits are just too small to survive a birthday attack. Most practical one-way hash functions produce 128-bit hashes.  This forces anyone attempting the birthday attack to hash 264 random documents to find two that had the same hash value, not enough for lasting security.  NIST, in its Secure Hash Standard (SHS), uses a 160-bit hash value. This makes the birthday attack even harder, requiring 280 random hashes. Length of One-way HashLength of One-way Hash FunctionFunction
  • 8.  A slight change in an input string should cause the hash value of the function to change drastically. Even if 1 bit is flipped in the input string, at least half of the bits in the hash value will flip as a result. This is called an avalanche effect.  Since it is computationally infeasible to produce a document that would hash to a given value or find two documents with the same hash value.  As there is almost no chance to have the same hash value of two different messages, so it is called collision free or collision resistant.  A document's hash can serve as a cryptographic equivalent of the document. This makes a one-way hash function a central notion in public-key cryptography. Collision ResistanceCollision Resistance
  • 9. Hash CollisionHash Collision  When different input message results in the same hash value, then it is called hash collision.
  • 10. Application: HashingApplication: Hashing PasswordPassword  Hashing passwords: It's a bad idea for computer systems to store passwords in cleartext (in their original form), because if the bad guy can somehow get to where they're stored, he gets all the passwords.  Knowing how many people foolishly use one password at multiple sites, getting a stash from one system may give access to others.  A more secure way is to store a hash of the password, rather than the password itself. Since these hashes are not reversible, there is no way to find out for sure "what password produced this hash?" - and the so consequence of a compromise is much lower.
  • 11. Application: HashingApplication: Hashing PasswordPassword How password is stored using hash “Hello” Hash Algorithm 9a46ba811185c194762 Hash of the Password Stored Original Password Hashed Password
  • 12. Applications of HashApplications of Hash “World” Hash Algorithm Hash of the Password Stored Wrong Password 9a46ba811185c194762er4a46b7w0534894789 Do Hashes Matched? Access GrantedAccess Denied Hash Value Mismatched [Yes][No] How password is verified using hash
  • 13. Application: Verifying theApplication: Verifying the IntegrityIntegrity  Verifying file integrity The most obvious use is "verifying file integrity".  If you have just downloaded a large piece of software from a website, how do you know that you've received it correctly and that it has not been tampered with?  One way is to download the file again and compare the bits: if the bits are the same, you're probably ok, but if they're different, which ones are the right bits?  Finding out means yet another download with compare, and this gets very tedious very quickly. Instead, if the website publishes the hash values of its download bundles, you can check it yourself.
  • 14. Application: With DigitalApplication: With Digital SignatureSignature  Hashing is to digest the original message while signing the document digitally. I agree to pay $50 for the software Hash Algorithm er4a46b7w05348 94789 Encrypt 43985dlfslfnsv90 64klj79dsflk6 Private Key Hash of Document Digital Signature Document to be Signed
  • 15. Trapdoor One-way FunctionTrapdoor One-way Function  A trapdoor one-way function is a special type of one-way function, one with a secret trapdoor. It is easy to compute in one direction and hard to compute in the other direction. But, if you know the secret, you can easily compute the function in the other direction.  That is, it is easy to compute f(x) given x, and hard to compute x given f(x). However, there is some secret information, y, such that given f(x) and y it is easy to compute x.  A watch is a good example of a trap-door one-way function. It is easy to disassemble a watch into hundreds of pieces. It is very difficult to put those tiny pieces back together into a working watch. However, with the assembly instructions it is much easier
  • 16. What is Birthday AttackWhat is Birthday Attack  A birthday attack is a name used to refer to a class of brute- force attacks. It is a type of cryptographic attack that exploits the mathematics behind the birthday problem in probability theory. This attack can be used to abuse communication between two or more parties.  It gets its name from the surprising result that the probability that two or more people in a group of 23 people share the same birthday is greater than 50.7%. Such a result is called a birthday paradox.  Birthday attacks are often used to find collisions of hash functions. However to understand birthday attack we have study the birthday problem.
  • 17. Birthday ProblemBirthday Problem  In probability theory, the birthday problem or birthday paradoxconcerns the probability that, in a set of randomly chosen people, some pair of them will have the same birthday.  By the pigeonhole principle, the probability reaches 100% when the number of people reaches 367, since there are 366 possible birthdays, including February 29.  However, 99.9% probability is reached with just 70 people, and 50% probability with 23 people. These conclusions include the assumption that each day of the year (except February 29) is equally probable for a birthday.  The mathematics behind this problem led to a well-known cryptographic attack called the birthday attack, which uses this probabilistic model to reduce the complexity of finding a collision for a hash function.
  • 18. Mathematical base of BirthdayMathematical base of Birthday ProblemProblem  The problem is to compute the approximate probability that in a group of n people, at least two have the same birthday.  The goal is to compute P(A), the probability that at least two people in the room have the same birthday.  However, it is simpler to calculate P(A'), the probability that no two people in the room have the same birthday. Because A and A' are the only two possibilities and are also mutually exclusive, P(A) = 1 − P(A').  When events are independent of each other, the probability of all of the events occurring is equal to a product of the probabilities of each of the events occurring. Therefore, if P(A') can be described as 23 independent events, P(A') could be calculated as P(1) × P(2) × P(3) × ... × P(23).
  • 19. Mathematical base of BirthdayMathematical base of Birthday ProblemProblem  The 23 independent events correspond to the 23 people, and can be defined in order. Each event can be defined as the corresponding person not sharing his/her birthday with any of the previously analyzed people.  For Event 1, there are no previously analyzed people. Therefore, the probability, P(1), that Person 1 does not share his/her birthday with previously analyzed people is 1, or 100%.  Ignoring leap years for this analysis, the probability of person 1 can also be written as 365/365, for reasons that will become clear below.  For Event 2, the only previously analyzed people are Person 1. Assuming that birthdays are equally likely to happen on each of the 365 days of the year, the probability, P(2), that Person 2 has a different birthday than Person 1 is 364/365. This is because, if Person 2 was born on any of the other 364 days of the year, Persons 1 and 2 will not share the same birthday.
  • 20. Mathematical base of BirthdayMathematical base of Birthday ProblemProblem  Similarly, if Person 3 is born on any of the 363 days of the year other than the birthdays of Persons 1 and 2, Person 3 will not share their birthday. This makes the probability P(3) = 363/365  P(A') is equal to the product of these individual probabilities:  Then  Finally P(A’) = 0.492703  Now as P(A)=1-P(A’) then P(A)= 1- 0.492703= 0.507297 or 50.7%  So the possibility of 2 person in a group of 23 people have same birthday is 50.7%
  • 21. Mathematical base of BirthdayMathematical base of Birthday ProblemProblem  So the possibility of 2 person in a group of 23 people have same birthday is P(A)= 1- P(A‘)  Where P(A’)= is the possibility of not have same birthday, that is for a group of 23 people  Then we can write in general, the possibility of 2 person in a group of n people have same birthday is P(A)= 1- P(A‘)
  • 22. Snefru: Hash AlgorithmSnefru: Hash Algorithm • Snefru is a cryptographic hash function invented by Ralph Merkle in 1990 while working at Xerox PARC. It was named after the Egyptian Pharaoh Sneferu, continuing the tradition of the Khufu and Khafre block ciphers. • The function supports 128-bit and 256-bit output, meaning Snefru hashes arbitrary-length messages into either 128-bit or 256-bit values.  The original design of Snefru was shown to be insecure by Eli Biham and Adi Shamir who were able to use differential cryptanalysis to find hash collisions
  • 23. MD4 HashingMD4 Hashing  Both MD4 and MD5 were invented by Ron Rivest . MD stands for Message Digest. The algorithms produce 128-bit hash values.  It takes a message of arbitrary length as input and produces a 128 bit “fingerprint” or “message digest” or hash value as output .  It is computationally infeasible to produce two messages having the same message digest.  This algorithm has incluenced the posterior algorithms like MD5, SHA and RIPEMD.  MD4 is used to compute NTLM password-derived key digests on Microsoft Windows NT, XP, Vista and 7
  • 24. MD4 HashingMD4 Hashing MD4("The quick brown fox jumps over the lazy dog") = 1bee69a46ba811185c194762abaeae90 Even a small change in the message will (with overwhelming probability) result in a completely different hash, e.g. changing d to c: MD4("The quick brown fox jumps over the lazy cog") = b86e130ce7028da59e672d56ad0113df The hash of the zero-length string is: MD4("") = 31d6cfe0d16ae931b73c59d7e0c089c0
  • 25. MD4 AlgorithmMD4 Algorithm  We begin by supposing that we have a b bit message as input, and that we wish to find its message digest. Here b is an arbitrary nonnegative integer; b may be zero, it need not be a multiple of 8, and it may be arbitrarily large. We imagine the bits of the message written down as follows: m0 m1m2m3... mb-1
• 26. Little vs Big Endian
• We have defined a word to mean 32 bits, the same as 4 bytes. Integers, single-precision floating point numbers, and MIPS instructions are all 32 bits long. How can we store these values in memory, when each memory address holds a single byte, not 4 bytes?
• The answer is simple: we split the 32-bit quantity into 4 bytes. For example, suppose we have a 32-bit quantity written in hexadecimal as 90AB12CD. Since each hex digit is 4 bits, we need 8 hex digits to represent the 32-bit value.
• So the 4 bytes are 90, AB, 12, CD, where each byte takes 2 hex digits.
• It turns out there are two ways to store this in memory.
• 27. Little vs Big Endian
• Little endian: the least significant byte is stored at the smallest address, that is, the least significant byte is stored first.
  Address  Value
  1000     CD
  1001     12
  1002     AB
  1003     90
• Big endian: the most significant byte is stored at the smallest address, the reverse order compared to little endian.
  Address  Value
  1000     90
  1001     AB
  1002     12
  1003     CD
• 28. MD4 : Append bits
• Step 1. Append padding bits: The message is padded (extended) so that its length (in bits) is congruent to 448, modulo 512. That is, the message is extended so that it is just 64 bits short of being a multiple of 512 bits long. Padding is always performed, even if the length of the message is already congruent to 448, modulo 512 (in which case 512 bits of padding are added).
• Padding is performed as follows: a single "1" bit is appended to the message, and then enough zero bits are appended so that the length in bits of the padded message becomes congruent to 448, modulo 512. (This padding operation is invertible, so that different inputs yield different padded outputs; this would not be true if we merely padded with zeros, since a message and the same message followed by a zero bit would then pad to the same string.)
• 29. MD4 : Append Length
• Step 2. Append length: A 64-bit representation of b (the length of the message before the padding bits were added) is appended to the result of the previous step. These bits are appended as two 32-bit words, low-order word first, in accordance with the previous (little-endian) conventions. In the unlikely event that b is greater than 2^64, only the low-order 64 bits of b are used.
• At this point the resulting message (after padding with bits and with b) has a length that is an exact multiple of 512 bits. Equivalently, this message has a length that is an exact multiple of 16 (32-bit) words. Let M[0..N-1] denote the words of the resulting message, where N is a multiple of 16.
• 30. MD4 : Initialize MD Buffer
• Step 3. Initialize MD buffer: A 4-word buffer (A, B, C, D) is used to compute the message digest. Here each of A, B, C, D is a 32-bit register. These registers are initialized to the following values (in hexadecimal, low-order bytes first, so A = 0x67452301):
  word A: 01 23 45 67
  word B: 89 ab cd ef
  word C: fe dc ba 98
  word D: 76 54 32 10
• 31. MD4 : Process Message
• Step 4. Process message in 16-word blocks: The compression of each block consists of 3 rounds of 16 steps (operations) each (MD5 has 4 rounds). Each step updates one of the four registers using a function of the other three, one message word and, in rounds 2 and 3, a constant, followed by a left rotation.
• We first define three auxiliary functions that each take as input three 32-bit words and produce as output one 32-bit word:
  F(X, Y, Z) = (X ∧ Y) ∨ (¬X ∧ Z)            [steps 0 to 15]
  G(X, Y, Z) = (X ∧ Y) ∨ (X ∧ Z) ∨ (Y ∧ Z)   [steps 16 to 31]
  H(X, Y, Z) = X ⊕ Y ⊕ Z                    [steps 32 to 47]
  where ⊕ is XOR, ∧ is AND, ∨ is OR and ¬ is NOT.
• In each bit position F acts as a conditional: if X then Y else Z. In each bit position G acts as a majority function: if at least two of X, Y, Z are one, then G has a one in that position. The function H is the bit-wise XOR or parity function.
• MD4 uses two "magic constants" in rounds two and three: 5A827999 (the square root of 2) and 6ED9EBA1 (the square root of 3), each scaled to a 32-bit integer.
• 32. MD4 : Output Message
• Step 5. Output: The message digest produced as output is A, B, C, D. That is, we begin with the low-order byte of A, and end with the high-order byte of D.
• 33. MD4 Design Goal
• Rivest outlined his design goals for the algorithm:
  1. Security: It is computationally infeasible to find two messages that hash to the same value.
  2. Direct security: MD4's security is not based on any assumption, such as the difficulty of factoring.
  3. Attack: No attack should be more efficient than brute force.
  4. Speed: MD4 is suitable for high-speed software implementations. It is based on a simple set of bit manipulations on 32-bit operands.
  5. Simplicity and compactness: MD4 is as simple as possible, without large data structures or a complicated program.
  6. Favor little-endian architectures: MD4 stores the least-significant byte of a word in the low-address byte position. MD4 is optimized for microprocessor architectures (specifically Intel microprocessors); larger and faster computers make any necessary translations.
• Goals 1 and 3 describe the design intent; both were later defeated by cryptanalysis (next slide).
• 34. Security of MD4
• The security of MD4 has been severely compromised. The first full collision attack against MD4 was published in 1995 and several newer attacks have been published since then. As of 2007, an attack can generate collisions in less than 2 MD4 hash operations. A theoretical preimage attack also exists.
• For evaluating the strength of a hash function, two notions are in use:
  1. Preimage resistance: given a hash value h, it must be infeasible to find any message M with H(M) = h.
  2. Collision resistance: it must be infeasible to find two distinct messages M ≠ M' with H(M) = H(M').
• A third notion, second-preimage resistance, requires that given a message M it is infeasible to find a different M' with the same hash. Collision resistance is the strongest of the three and the first to fall for MD4 and MD5.
• 35. MD4 vs MD5
• Neither MD4 nor MD5 is an encryption algorithm; each is a hash function that produces a 128-bit hash value. They are sometimes used together with encryption or signature algorithms.
• The following are the differences between MD4 and MD5 (as listed by Rivest in RFC 1321):
  1. A fourth round has been added.
  2. Each step now has a unique additive constant.
  3. The function G in round 2 was changed from (XY ∨ XZ ∨ YZ) to (XZ ∨ Y¬Z) to make G less symmetric.
  4. Each step now adds in the result of the previous step. This promotes a faster "avalanche effect".
  5. The order in which input words are accessed in rounds 2 and 3 is changed, to make these patterns less like each other.
  6. The shift amounts in each round have been approximately optimized, to yield a faster "avalanche effect". The shifts in different rounds are distinct.
• 36. MD5 Hashing
• The MD5 message-digest algorithm is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text as a 32-digit hexadecimal number. MD5 was designed by Ron Rivest in 1991 as an improved version of MD4.
• MD5 has been used in a wide variety of cryptographic applications, and is also commonly used to verify data integrity. It was intended for applications where a large file must be "compressed" in a secure manner before being signed with a private key under a public-key cryptosystem such as RSA (as used in PGP).
• MD5 can be used to store a one-way hash of a password, often with key stretching. Because MD5 is very fast, an unstretched MD5 password hash is cheap to brute-force; a purpose-built password hash (bcrypt, scrypt or Argon2) should be used instead.
• 37. Security of MD5
• In 2004 it was shown that MD5 is not collision resistant. As such, MD5 is not suitable for applications like SSL certificates or digital signatures that rely on this property for security.
• Also in 2004 more serious flaws were discovered in MD5, making further use of the algorithm for security purposes questionable. Specifically, a group of researchers described how to create a pair of files that share the same MD5 checksum.
• Further advances were made in breaking MD5 in 2005, 2006, and 2007.
• In December 2008, a group of researchers used this technique to forge a certificate that browsers accepted as a valid SSL certificate authority, and the CMU Software Engineering Institute (CERT) now says that "MD5 should be considered cryptographically broken and unsuitable for further use".
• 38. MD5 : Append bits
• Step 1. Append padding bits: Identical to MD4. The message is padded (extended) so that its length (in bits) is congruent to 448, modulo 512; that is, the message is extended so that it is just 64 bits short of being a multiple of 512 bits long. Padding is always performed, even if the length of the message is already congruent to 448, modulo 512 (in which case 512 bits of padding are added).
• Padding is performed as follows: a single "1" bit is appended to the message, and then enough zero bits are appended so that the length in bits of the padded message becomes congruent to 448, modulo 512. (This padding operation is invertible, so that different inputs yield different padded outputs; this would not be true if we merely padded with zeros.)
• 39. MD5 : Append Length
• Step 2. Append length: A 64-bit representation of b (the length of the message before the padding bits were added) is appended to the result of the previous step. These bits are appended as two 32-bit words, low-order word first, in accordance with the previous (little-endian) conventions. In the unlikely event that b is greater than 2^64, only the low-order 64 bits of b are used.
• At this point the resulting message (after padding with bits and with b) has a length that is an exact multiple of 512 bits. Equivalently, this message has a length that is an exact multiple of 16 (32-bit) words. Let M[0..N-1] denote the words of the resulting message, where N is a multiple of 16.
• 40. MD5 : Initialize MD Buffer
• Step 3. Initialize MD buffer: A 4-word buffer (A, B, C, D) is used to compute the message digest. Here each of A, B, C, D is a 32-bit register. These registers are initialized to the following values (in hexadecimal, low-order bytes first), the same as in MD4:
  word A: 01 23 45 67
  word B: 89 ab cd ef
  word C: fe dc ba 98
  word D: 76 54 32 10
• These are called chaining variables.
• 41. MD5 : Process Message
• Step 4. Process message in 16-word blocks: The compression of each block consists of 4 rounds of 16 steps (operations) each (MD4 has 3 rounds).
• We define four auxiliary functions that each take as input three 32-bit words and produce as output one 32-bit word:
  F(X, Y, Z) = (X ∧ Y) ∨ (¬X ∧ Z)      [steps 0 to 15]
  G(X, Y, Z) = (X ∧ Z) ∨ (Y ∧ ¬Z)      [steps 16 to 31]
  H(X, Y, Z) = X ⊕ Y ⊕ Z               [steps 32 to 47]
  I(X, Y, Z) = Y ⊕ (X ∨ ¬Z)            [steps 48 to 63]
• In each bit position F acts as a conditional: if X then Y else Z. G is also a conditional, but on Z: if Z then X else Y (it replaces MD4's majority function). H is the bit-wise XOR or parity function, and I is the new round-4 function.
• Where MD4 uses two magic constants (one each for rounds two and three), MD5 uses a distinct 32-bit additive constant T[i] in each of the 64 steps, defined as the integer part of 2^32 · |sin(i)| for i = 1..64 (i in radians).
• 42. MD5 : Output Message
• Step 5. Output: The message digest produced as output is A, B, C, D. That is, we begin with the low-order byte of A, and end with the high-order byte of D.
[Figure: Main loop of MD5]
• 43. One MD5 Operation
• MD4 consists of 48 of these operations, grouped in 3 rounds of 16 operations, while MD5 consists of 64 of these operations, grouped in 4 rounds of 16 operations.
• F is a nonlinear function; a different one is used in each round.
• Mi denotes a 32-bit word of the message block, and Ki denotes a 32-bit constant, different for each operation. In RFC 1321 notation one operation computes a = b + ((a + F(b, c, d) + X[k] + T[i]) <<< s), where <<< s is a left rotation by the step's shift amount; the registers then rotate roles so that the next operation updates d, then c, then b.
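The five steps of slides 25 to 32 (MD4) and 38 to 43 (MD5) carried out in code, as an added example that is not part of the original deck: the two algorithms share the padding, the length word, the chaining variables and the little-endian word layout, so one padding routine serves both, and the differences listed on slide 35 (fourth round, per-step constants, the new G, adding in the previous result, reordered words, tuned shifts) are visible as the places where `md5` departs from `md4`. The MD4 round tables are those of RFC 1320; the MD5 constants are generated from the sine formula of RFC 1321. MD5 is cross-checked against `hashlib`; MD4 is checked against the test vectors of slide 24 because `hashlib`'s MD4 is not reliably available (OpenSSL 3 moved it to the legacy provider).

```python
import hashlib
import math
import struct

MASK32 = 0xFFFFFFFF


def rotl(x: int, s: int) -> int:
    """32-bit left rotation."""
    return ((x << s) | (x >> (32 - s))) & MASK32


# Auxiliary functions (slides 31 and 41). Python's ~ yields a negative int,
# so every complemented operand is masked back to 32 bits.
def F(x, y, z):      # if x then y else z        (round 1 of both)
    return (x & y) | (~x & z & MASK32)

def G_md4(x, y, z):  # majority of x, y, z       (MD4 round 2)
    return (x & y) | (x & z) | (y & z)

def G_md5(x, y, z):  # if z then x else y        (MD5 round 2, "less symmetric")
    return (x & z) | (y & ~z & MASK32)

def H(x, y, z):      # parity                    (round 3 of both)
    return x ^ y ^ z

def I(x, y, z):      # MD5 round 4 only
    return y ^ (x | (~z & MASK32))


def md_pad(message: bytes) -> bytes:
    """Steps 1 and 2, identical for MD4 and MD5: a single 1 bit (0x80), zero
    bytes up to 56 mod 64, then the original length in bits as a little-endian
    64-bit word (only the low 64 bits of the length survive)."""
    padded = message + b'\x80'
    padded += b'\x00' * ((56 - len(padded) % 64) % 64)
    return padded + struct.pack('<Q', (len(message) * 8) & 0xFFFFFFFFFFFFFFFF)


# Step 3: identical chaining variables; the byte string 01 23 45 67 of
# slides 30 and 40, read low-order byte first, is 0x67452301.
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)

# MD4 rounds: function, additive constant, order in which the 16 message words
# are consumed, and the four rotation amounts cycled within the round.
MD4_ROUNDS = (
    (F,     0x00000000, list(range(16)),                                      (3, 7, 11, 19)),
    (G_md4, 0x5A827999, [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13)),
    (H,     0x6ED9EBA1, [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15)),
)


def md4(message: bytes) -> bytes:
    state = list(IV)
    data = md_pad(message)
    for off in range(0, len(data), 64):                  # step 4: one 16-word block at a time
        X = struct.unpack('<16I', data[off:off + 64])
        s = state[:]
        for func, const, order, shifts in MD4_ROUNDS:
            for i in range(16):
                idx = (-i) % 4                           # register updated: a, d, c, b, a, ...
                x, y, z = (s[(idx + j) % 4] for j in (1, 2, 3))
                s[idx] = rotl((s[idx] + func(x, y, z) + X[order[i]] + const) & MASK32,
                              shifts[i % 4])
        state = [(v + w) & MASK32 for v, w in zip(state, s)]
    return struct.pack('<4I', *state)                    # step 5: low-order byte of A first


# MD5 difference 2: one constant per step, T[i] = floor(2^32 * |sin(i + 1)|).
MD5_T = [int(abs(math.sin(i + 1)) * 2 ** 32) & MASK32 for i in range(64)]
# MD5 difference 6: distinct, tuned rotation amounts in each round.
MD5_S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4


def md5(message: bytes) -> bytes:
    state = list(IV)
    data = md_pad(message)
    for off in range(0, len(data), 64):
        X = struct.unpack('<16I', data[off:off + 64])
        a, b, c, d = state
        for i in range(64):
            if i < 16:
                f, k = F(b, c, d), i
            elif i < 32:
                f, k = G_md5(b, c, d), (5 * i + 1) % 16  # difference 5: new word order
            elif i < 48:
                f, k = H(b, c, d), (3 * i + 5) % 16
            else:
                f, k = I(b, c, d), (7 * i) % 16          # difference 1: fourth round
            # one MD5 operation (slide 43): a = b + ((a + f + X[k] + T[i]) <<< s);
            # adding b after the rotation is difference 4.
            a, d, c, b = d, c, b, (b + rotl((a + f + X[k] + MD5_T[i]) & MASK32, MD5_S[i])) & MASK32
        state = [(v + w) & MASK32 for v, w in zip(state, (a, b, c, d))]
    return struct.pack('<4I', *state)


def self_check() -> bool:
    """md5() against hashlib for every length across the 55/56/64-byte padding
    boundaries, and md4() against the published test vectors of slide 24."""
    for n in range(130):
        if md5(b'a' * n) != hashlib.md5(b'a' * n).digest():
            return False
    return (md4(b'').hex() == '31d6cfe0d16ae931b73c59d7e0c089c0'
            and md4(b'The quick brown fox jumps over the lazy dog').hex()
            == '1bee69a46ba811185c194762abaeae90')


if __name__ == '__main__':
    for text in (b'', b'The quick brown fox jumps over the lazy dog'):
        print(f'MD4({text!r}) = {md4(text).hex()}')
        print(f'MD5({text!r}) = {md5(text).hex()}')
    print('self-check passed:', self_check())
```

The register rotation in `md4` is written generically so that the three rounds differ only in their table row; in `md5` the "add in the previous result" change shows up as the `b +` in front of the rotation, which is why MD5's update cannot be expressed with the same one-liner.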
• 44. MD5 : Applications
• MD5 digests have been widely used in the software world to provide some assurance that a transferred file has arrived intact. For example, file servers often publish a pre-computed MD5 checksum (an md5sum file) next to each file, so that a user can compare it with the checksum of the downloaded file.
• Most Unix-based operating systems include an md5sum utility in their distribution packages; Windows users may install a Microsoft utility or use third-party applications.
• Android ROMs also ship with this type of checksum.
• Such a checksum only detects accidental corruption: an attacker who can replace the file on the server (or in transit) can replace the published checksum too, and MD5's broken collision resistance means two deliberately crafted files can share a digest. Authenticity requires a signature over the digest, and a modern hash (SHA-2) should be used for the digest itself.
• 45. SHA: Secure Hash Algorithm
• The Secure Hash Algorithm is a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS).
• It includes the following variations: SHA (now called SHA-0), SHA-1, SHA-2 and SHA-3.
• 46. SHA: Secure Hash Algorithm
• The SHA is called secure because it is designed to be computationally infeasible to find two different messages which produce the same message digest. Any change to a message in transit will result in a different message digest, and the signature will fail to verify.
• The Secure Hash Algorithm is required for the security of the Digital Signature Algorithm (DSA). SHA-1 takes a message of any length < 2^64 bits as input and produces a 160-bit message digest as output.
• The message digest is then input to the DSA, which computes the signature for the message. Signing the message digest rather than the message often improves the efficiency of the process, because the message digest is usually much smaller than the message.
• 47. SHA: Variations
• SHA: The original version, a 160-bit hash function published in 1993.
• SHA-0: A retronym applied to that original 1993 version published under the name "SHA". It was withdrawn shortly after publication due to an undisclosed "significant flaw" and replaced by the slightly revised version SHA-1.
• SHA-1: A 160-bit hash function whose structure resembles the earlier MD4 and MD5 algorithms. It was designed by the NSA to be part of the Digital Signature Standard. Cryptographic weaknesses were found in SHA-1 (collision attacks below the 2^80 birthday bound from 2005 onward), and NIST no longer approved it for digital signatures after 2010; a practical collision (two distinct PDF files with the same SHA-1 digest) was published in 2017.
• 48. SHA: Variations
• SHA-2: A family of two similar hash functions, SHA-256 and SHA-512, with different block sizes. They differ in the word size: SHA-256 uses 32-bit words and SHA-512 uses 64-bit words. There are also truncated versions of each, known as SHA-224, SHA-384, SHA-512/224 and SHA-512/256. These were also designed by the NSA.
• SHA-3: A hash function formerly called Keccak, chosen in 2012 after a public competition among non-NSA designers. It supports the same digest lengths as SHA-2, but its internal structure (a sponge construction) differs significantly from the rest of the SHA family.
• 49. SHA: Append Bits
• Suppose we are given a b-bit message as input and need to find its message digest.
• Step 1. Append padding bits: The message is padded with the same bit pattern as MD5.
• The message is padded (extended) so that its length (in bits) is congruent to 448, modulo 512. That is, the message is extended so that it is just 64 bits short of being a multiple of 512 bits long. Padding is always performed, even if the length of the message is already congruent to 448, modulo 512 (in which case 512 bits of padding are added).
• Padding is performed as follows: a single "1" bit is appended to the message, and then enough zero bits are appended so that the length in bits of the padded message becomes congruent to 448, modulo 512.
• 50. SHA: Append Length and Initialize MD Buffer
• Step 2. Append length: A 64-bit representation of the message length b is appended to the result of the previous step. Unlike MD4 and MD5, SHA-1 writes this length (and every message word) big-endian, most significant byte first. The resulting message has a length that is an exact multiple of 512 bits.
• Step 3. Initialize MD buffer: A five-word buffer (A, B, C, D, E) is used to compute the message digest. Here each of A, B, C, D, E is a 32-bit register. These registers are initialized to the following values in hexadecimal (written as big-endian words, so A = 0x67452301, the same value as MD5's A):
  Word A: 67 45 23 01
  Word B: ef cd ab 89
  Word C: 98 ba dc fe
  Word D: 10 32 54 76
  Word E: c3 d2 e1 f0
• These are called chaining variables.
• 51. SHA: Process Message
• Step 4. Process message in 16-word blocks: Each block is processed in 4 rounds of 20 steps each (MD4 has 3 rounds and MD5 has 4). Before the rounds, the 16 message words are expanded into 80 words W[t], with W[t] = (W[t-3] ⊕ W[t-8] ⊕ W[t-14] ⊕ W[t-16]) <<< 1 for t = 16..79. Each step t uses one of four auxiliary functions that take three 32-bit words as input and produce one 32-bit word as output:
  f_t(X, Y, Z) = (X ∧ Y) ∨ (¬X ∧ Z)            for t = 0 to 19  (conditional)
  f_t(X, Y, Z) = X ⊕ Y ⊕ Z                    for t = 20 to 39 (parity)
  f_t(X, Y, Z) = (X ∧ Y) ∨ (X ∧ Z) ∨ (Y ∧ Z)   for t = 40 to 59 (majority)
  f_t(X, Y, Z) = X ⊕ Y ⊕ Z                    for t = 60 to 79 (parity)
  together with one additive constant K_t per group of 20 steps: 5A827999, 6ED9EBA1, 8F1BBCDC, CA62C1D6.
• Step 5. Output: The message digest is the concatenation A, B, C, D, E. Since SHA-1 is big-endian, the output begins with the high-order byte of A and ends with the low-order byte of E.
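Steps 1 to 5 of slides 49 to 51 in code, as an added example that is not part of the original deck. It also goes one step beyond the slides to show why the chaining variables of slide 50 matter for security: because the digest is simply the final chaining state and the padding depends only on the length, anyone who knows H(secret || msg) and the length of secret || msg can resume the hash and compute H(secret || msg || padding || extension) without knowing the secret. This is the length-extension attack, which is why H(key || message) is not a safe MAC for MD4, MD5, SHA-1 or SHA-2 (HMAC exists to close it). The secret, message and extension below are constructed values; the attacker is assumed to know the secret's length (in practice it is guessed by trying a few lengths).

```python
import hashlib
import struct

MASK32 = 0xFFFFFFFF
SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)  # slide 50


def rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK32


def sha1_pad(message: bytes, total_len: int) -> bytes:
    """Steps 1 and 2: 0x80, zero bytes up to 56 mod 64, then the bit length of
    the whole hashed input (total_len bytes) as a BIG-endian 64-bit word.
    total_len is a separate parameter so that the same routine can build the
    padding ("glue") of a message whose prefix we never saw."""
    padded = message + b'\x80'
    padded += b'\x00' * ((56 - (total_len + 1) % 64) % 64)
    return padded + struct.pack('>Q', (total_len * 8) & 0xFFFFFFFFFFFFFFFF)


def sha1(message: bytes, state=SHA1_IV, prefix_len: int = 0) -> bytes:
    """SHA-1 of message. The defaults give a fresh hash; passing an earlier
    digest as `state` and the (64-byte aligned) number of bytes already
    absorbed as `prefix_len` resumes that hash instead."""
    h = list(state)
    data = sha1_pad(message, prefix_len + len(message))
    for off in range(0, len(data), 64):
        # 16 big-endian words expanded to 80 by the rotate-and-XOR recurrence
        w = list(struct.unpack('>16I', data[off:off + 64]))
        for t in range(16, 80):
            w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = h
        for t in range(80):                                   # 4 rounds x 20 steps
            if t < 20:
                f, k = (b & c) | (~b & d & MASK32), 0x5A827999  # conditional
            elif t < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1                    # parity
            elif t < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC  # majority
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6                    # parity again
            a, b, c, d, e = (rotl(a, 5) + f + e + k + w[t]) & MASK32, a, rotl(b, 30), c, d
        h = [(x + y) & MASK32 for x, y in zip(h, (a, b, c, d, e))]
    return struct.pack('>5I', *h)             # step 5: A..E, high-order byte of A first


def length_extend(digest: bytes, known_len: int, extension: bytes):
    """Given H(secret || msg), the byte length of secret || msg and a chosen
    extension, return (glue, forged) such that
    H(secret || msg || glue || extension) == forged, without the secret."""
    glue = sha1_pad(b'', known_len)            # exactly the padding the victim appended
    state = struct.unpack('>5I', digest)       # the digest IS the chaining state
    forged = sha1(extension, state, known_len + len(glue))
    return glue, forged


def demo() -> bool:
    """Forge a tag for an extended message under a naive MAC = H(key || msg).
    Constructed values: the attacker knows msg and len(secret), not secret."""
    secret = b'constructed-secret-key'
    msg = b'amount=10&to=alice'
    mac = hashlib.sha1(secret + msg).digest()
    glue, forged = length_extend(mac, len(secret) + len(msg), b'&to=mallory')
    # A verifier that recomputes H(key || received_message) accepts the forgery.
    return hashlib.sha1(secret + msg + glue + b'&to=mallory').digest() == forged


def self_check() -> bool:
    """Compare sha1() with hashlib across the padding boundaries."""
    return all(sha1(b'a' * n) == hashlib.sha1(b'a' * n).digest() for n in range(130))


if __name__ == '__main__':
    print('SHA-1("")  =', sha1(b'').hex())
    print('matches hashlib:', self_check())
    print('length-extension forgery accepted:', demo())
```

The forged message contains the glue bytes (0x80, zeros and the length field), so the attack only works where the verifier tolerates such bytes inside the message; in query strings and binary formats it usually does. Note that `length_extend` never calls the compression function on the secret: everything it needs is in the 20-byte digest.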
• 52. SHA-1 vs MD5
  1. Brute force attack is harder (160 vs 128 bits for MD5).
  2. At the time these slides were written no attack on SHA-1 was known (unlike MD4/MD5); collision attacks have since been published (2005) and demonstrated in practice (2017).
  3. A little slower than MD5 (80 vs 64 steps).
  4. Both designed to be simple and compact.
  5. Optimised for big-endian CPUs (MD5 is optimised for little-endian CPUs).
• 53. Security of SHA
• Rivest outlined the improvements of MD5 over MD4 (slide 35); comparing SHA-1 against the same list:
  1. "A fourth round has been added." SHA-1 does this too, but its 4th round uses the same f function as the 2nd round (parity).
  2. "Each step now has a unique additive constant." SHA-1 instead reuses one constant for each group of 20 steps, as MD4 did per round.
  3. "The function G in round 2 was changed from ((X ∧ Y) ∨ (X ∧ Z) ∨ (Y ∧ Z)) to ((X ∧ Z) ∨ (Y ∧ ¬Z)) to make G less symmetric." SHA-1 keeps the MD4 majority version ((X ∧ Y) ∨ (X ∧ Z) ∨ (Y ∧ Z)).
• 54. Security of SHA
  4. "The order in which message sub-blocks are accessed in rounds 2 and 3 is changed." SHA-1 is completely different: it expands the 16 message words into 80 using a linear recurrence (a cyclic error-correcting code).
  5. "Each step now adds in the result of the previous step. This promotes a faster avalanche effect." SHA-1 also follows this change.
  6. "The amounts of left circular shift in each round have been approximately optimized, to yield a faster avalanche effect. The four shifts used in each round are different from the ones used in other rounds." SHA-1 uses the same rotation amounts (5 and 30) in every step of every round.
• 55. References
• http://en.wikipedia.org/wiki/
• Bruce Schneier, Applied Cryptography, 10th Anniversary edition
• 56. Md. Shakhawat Hossain, Student, Department of Computer Science & Engineering, University of Rajshahi. E-mail: mshimul86@gmail.com

Editor's Notes

1. Compare using the design goals listed earlier. SHA-1 is probably the preferred hash function for new applications. Currently no problems are known with it.